For the truly paranoid

I’ve been reinstalling my system as of late (been way too long a comin’) and I realized that I hadn’t set up a firewall yet. This, in turn, had me thinking about how many ports were open. I was up too late and had probably had too many cokes by then. I had given myself a dead simple root password so that I could finish the install, and began getting that tightening, turning, retching in the belly feeling. I couldn’t help thinking, “This could be the time that some random joe comes along and finds a nice open gate.” It doesn’t make much sense now, but I decided then to build a script that toggles a 20 character random password to relieve my paranoia. Here it is for anyone who can find use for it. Oh, and I did get my install done.

I just completed an upgrade install of my basement Linux server. The whole setup runs behind a NAT’d LAN, so I choose one IP on my private network to receive all public traffic.

I did a parallel install on new hardware of my original system. I installed the Debian base system, then copied all my configs, etc., from the original system (which remained up for the full install). Once I had security set up as I would like on the new system, I locked my root account, changed my password to something secure (for use via sudo), started SSH, and then just switched the IPs of my servers.

You should never, ever have an internet-facing machine with running services and no firewall. If you’re doing an install with a crappy password for convenience, make sure to turn off SSH and every other service. The truly paranoid don’t even connect an Ethernet cable until the entire install is done! :)

Yeah, I thought about this way too late. Done reinstalls enough times I thought I’d push the fold this time. I know people that won’t install a distro from a livecd that does a net install (most livecds are pretty insecure). Blocking ssh wasn’t a deal because it wasn’t installed yet but I almost do nothing without a firewall. Whoops :)
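The question this thread keeps returning to (what is listening on the network while a throwaway install password is in place) can be checked directly. The following is an added example, not the author's password script and not part of the original post: it filters `ss -H -tuln` output down to listeners bound to non-loopback addresses. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the blog author's script. Reads `ss -H -tuln` output and
# reports listeners bound to anything other than loopback.

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      128            [::1]:631          [::]:*'

# stdin: ss output; stdout: "proto address port" per non-loopback listener.
exposed_listeners() {
    awk 'NF >= 5 {
        ep = $5
        if (!match(ep, /:[^:]*$/)) next      # last colon separates the port
        addr = substr(ep, 1, RSTART - 1)
        port = substr(ep, RSTART + 1)
        sub(/%.*$/, "", addr)                # drop interface scope: 127.0.0.53%lo
        gsub(/^\[|\]$/, "", addr)            # unwrap IPv6 brackets: [::1] -> ::1
        if (addr ~ /^127\./ || addr == "::1") next
        print $1, addr, port
    }'
}

# Exit 0 only when nothing is reachable from the network; stdin as above.
no_exposed_listeners() {
    [ -z "$(exposed_listeners)" ]
}

if [ "${1:-}" = "--live" ]; then
    ss -H -tuln | exposed_listeners          # audit the running system
else
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners
fi
```

Run with `--live` on the machine being installed; an empty result means every listener is bound to loopback only.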

Welcome to linuxtidbits.

linuxtidbits is a place for common bits of Linux knowledge. Linux is a good operating system with good people. Being part of Linux, to me, means being a part of something that everyone can contribute to.